Postscreen: Give temporary whitelist status to primary MX addresses only.

1 files changed, 1 insertions, 1 deletions

diff --git a/group_vars/all.yml b/group_vars/all.yml
index 77abc85..089c75f 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -12,31 +12,31 @@ ipsec:
   elefant:  172.16.0.4
   giraff:   172.16.0.5
   mistral:  172.16.0.6
 
 
 postfix_instance:
   # The keys are the group names associated with a Postfix role, and the
   # values are the name and group (optional) of the instance dedicated
   # to that role.
   # For internal services, we also specify its (non-routable) IP address
   # and port.
   # XXX it's unfortunate that we can only specify a single address, and
   #     therefore have to limit the number of outgoing SMTP proxy and
   #     IMAP server to one. Since hosts(5) files cannot map and IP
   #     address to multiple hostnames, a workaround would be to use
   #     round-robin DNS, but we can't rely on DNS as long as our zone is
   #     unsigned.
   IMAP:    { name: mda
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.IMAP[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2526 }
-  MX:      { name: mx,  group: mta }
+  MX:      { name: mx,  group: mta, backup: mx3.fripost.org }
   out:     { name: out, group: mta
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.out[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2525 }
   MSA:     { name: msa
            , port: 587 }
   lists:   { name: lists
            , addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.lists[0]].inventory_hostname_short ], '127.0.0.1') }}"
            , port: 2527 }
 
 imapsvr_addr: "{{ postfix_instance.IMAP.addr | ipaddr }}"